summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
Diffstat
-rw-r--r--apps/provisioning_api/lib/Controller/AppsController.php6
-rw-r--r--apps/provisioning_api/lib/Controller/GroupsController.php4
-rw-r--r--apps/provisioning_api/lib/Controller/UsersController.php21
-rw-r--r--lib/private/User/Session.php5
-rw-r--r--tests/lib/User/SessionTest.php101
5 files changed, 130 insertions, 7 deletions
diff --git a/apps/provisioning_api/lib/Controller/AppsController.php b/apps/provisioning_api/lib/Controller/AppsController.php
index 7d11d92b55a..e384d5af907 100644
--- a/apps/provisioning_api/lib/Controller/AppsController.php
+++ b/apps/provisioning_api/lib/Controller/AppsController.php
@@ -25,12 +25,10 @@
namespace OCA\Provisioning_API\Controller;
-use OC\OCSClient;
use \OC_App;
use OCP\App\IAppManager;
use OCP\AppFramework\Http\DataResponse;
use OCP\AppFramework\OCS\OCSException;
-use OCP\AppFramework\OCS\OCSNotFoundException;
use OCP\AppFramework\OCSController;
use OCP\IRequest;
@@ -86,7 +84,7 @@ class AppsController extends OCSController {
/**
* @param string $app
* @return DataResponse
- * @throws OCSNotFoundException
+ * @throws OCSException
*/
public function getAppInfo($app) {
$info = \OCP\App::getAppInfo($app);
@@ -98,6 +96,7 @@ class AppsController extends OCSController {
}
/**
+ * @PasswordConfirmationRequired
* @param string $app
* @return DataResponse
*/
@@ -107,6 +106,7 @@ class AppsController extends OCSController {
}
/**
+ * @PasswordConfirmationRequired
* @param string $app
* @return DataResponse
*/
diff --git a/apps/provisioning_api/lib/Controller/GroupsController.php b/apps/provisioning_api/lib/Controller/GroupsController.php
index d36d0de8997..c772076c3d1 100644
--- a/apps/provisioning_api/lib/Controller/GroupsController.php
+++ b/apps/provisioning_api/lib/Controller/GroupsController.php
@@ -128,7 +128,7 @@ class GroupsController extends OCSController {
/**
* creates a new group
*
- * @NoAdminRequired
+ * @PasswordConfirmationRequired
*
* @param string $groupid
* @return DataResponse
@@ -149,6 +149,8 @@ class GroupsController extends OCSController {
}
/**
+ * @PasswordConfirmationRequired
+ *
* @param string $groupId
* @return DataResponse
* @throws OCSException
diff --git a/apps/provisioning_api/lib/Controller/UsersController.php b/apps/provisioning_api/lib/Controller/UsersController.php
index 8e5975468b1..cc1d63d2d34 100644
--- a/apps/provisioning_api/lib/Controller/UsersController.php
+++ b/apps/provisioning_api/lib/Controller/UsersController.php
@@ -93,6 +93,7 @@ class UsersController extends OCSController {
*/
public function getUsers($search = '', $limit = null, $offset = null) {
$user = $this->userSession->getUser();
+ $users = [];
// Admin? Or SubAdmin?
$uid = $user->getUID();
@@ -125,6 +126,7 @@ class UsersController extends OCSController {
}
/**
+ * @PasswordConfirmationRequired
* @NoAdminRequired
*
* @param string $userid
@@ -218,6 +220,7 @@ class UsersController extends OCSController {
/**
* @NoAdminRequired
* @NoSubAdminRequired
+ * @PasswordConfirmationRequired
*
* edit users
*
@@ -308,6 +311,7 @@ class UsersController extends OCSController {
}
/**
+ * @PasswordConfirmationRequired
* @NoAdminRequired
*
* @param string $userId
@@ -339,20 +343,26 @@ class UsersController extends OCSController {
}
/**
+ * @PasswordConfirmationRequired
* @NoAdminRequired
*
* @param string $userId
* @return DataResponse
+ * @throws OCSException
+ * @throws OCSForbiddenException
*/
public function disableUser($userId) {
return $this->setEnabled($userId, false);
}
/**
+ * @PasswordConfirmationRequired
* @NoAdminRequired
*
* @param string $userId
* @return DataResponse
+ * @throws OCSException
+ * @throws OCSForbiddenException
*/
public function enableUser($userId) {
return $this->setEnabled($userId, true);
@@ -390,8 +400,7 @@ class UsersController extends OCSController {
*
* @param string $userId
* @return DataResponse
- * @throws OCSForbiddenException
- * @throws OCSNotFoundException
+ * @throws OCSException
*/
public function getUsersGroups($userId) {
$loggedInUser = $this->userSession->getUser();
@@ -430,6 +439,7 @@ class UsersController extends OCSController {
}
/**
+ * @PasswordConfirmationRequired
* @param string $userId
* @param string $groupid
* @return DataResponse
@@ -455,9 +465,10 @@ class UsersController extends OCSController {
}
/**
+ * @PasswordConfirmationRequired
* @NoAdminRequired
*
- * @param string userId
+ * @param string $userId
* @param string $groupid
* @return DataResponse
* @throws OCSException
@@ -511,6 +522,8 @@ class UsersController extends OCSController {
/**
* Creates a subadmin
*
+ * @PasswordConfirmationRequired
+ *
* @param string $userId
* @param string $groupid
* @return DataResponse
@@ -550,6 +563,8 @@ class UsersController extends OCSController {
/**
* Removes a subadmin from a group
*
+ * @PasswordConfirmationRequired
+ *
* @param string $userId
* @param string $groupid
* @return DataResponse
diff --git a/lib/private/User/Session.php b/lib/private/User/Session.php
index c3561cf64e3..dcda825b9db 100644
--- a/lib/private/User/Session.php
+++ b/lib/private/User/Session.php
@@ -423,6 +423,7 @@ class Session implements IUserSession, Emitter {
*
* @todo do not allow basic auth if the user is 2FA enforced
* @param IRequest $request
+ * @param OC\Security\Bruteforce\Throttler $throttler
* @return boolean if the login was successful
*/
public function tryBasicAuthLogin(IRequest $request,
@@ -440,6 +441,10 @@ class Session implements IUserSession, Emitter {
$this->session->set(
Auth::DAV_AUTHENTICATED, $this->getUser()->getUID()
);
+
+ // Set the last-password-confirm session to make the sudo mode work
+ $this->session->set('last-password-confirm', $this->timeFacory->getTime());
+
return true;
}
} catch (PasswordLoginForbiddenException $ex) {
diff --git a/tests/lib/User/SessionTest.php b/tests/lib/User/SessionTest.php
index 78b673d10bd..27cb92d6732 100644
--- a/tests/lib/User/SessionTest.php
+++ b/tests/lib/User/SessionTest.php
@@ -8,6 +8,7 @@
namespace Test\User;
+use OC\AppFramework\Http\Request;
use OC\Authentication\Token\DefaultTokenMapper;
use OC\Authentication\Token\DefaultTokenProvider;
use OC\Authentication\Token\IProvider;
@@ -17,6 +18,7 @@ use OC\Session\Memory;
use OC\User\Manager;
use OC\User\Session;
use OC\User\User;
+use OCA\DAV\Connector\Sabre\Auth;
use OCP\AppFramework\Utility\ITimeFactory;
use OCP\IConfig;
use OCP\ILogger;
@@ -1219,4 +1221,103 @@ class SessionTest extends \Test\TestCase {
$this->userSession->createRememberMeToken($user);
}
+
+ public function testTryBasicAuthLoginValid() {
+ $request = $this->createMock(Request::class);
+ $request->method('__get')
+ ->willReturn([
+ 'PHP_AUTH_USER' => 'username',
+ 'PHP_AUTH_PW' => 'password',
+ ]);
+ $request->method('__isset')
+ ->with('server')
+ ->willReturn(true);
+
+ $davAuthenticatedSet = false;
+ $lastPasswordConfirmSet = false;
+
+ $this->session
+ ->method('set')
+ ->will($this->returnCallback(function($k, $v) use (&$davAuthenticatedSet, &$lastPasswordConfirmSet) {
+ switch ($k) {
+ case Auth::DAV_AUTHENTICATED:
+ $davAuthenticatedSet = $v;
+ return;
+ case 'last-password-confirm':
+ $lastPasswordConfirmSet = 1000;
+ return;
+ default:
+ throw new \Exception();
+ }
+ }));
+
+ $userSession = $this->getMockBuilder(Session::class)
+ ->setConstructorArgs([
+ $this->manager,
+ $this->session,
+ $this->timeFactory,
+ $this->tokenProvider,
+ $this->config,
+ $this->random,
+ ])
+ ->setMethods([
+ 'logClientIn',
+ 'getUser',
+ ])
+ ->getMock();
+
+ /** @var Session|\PHPUnit_Framework_MockObject_MockObject */
+ $userSession->expects($this->once())
+ ->method('logClientIn')
+ ->with(
+ $this->equalTo('username'),
+ $this->equalTo('password'),
+ $this->equalTo($request),
+ $this->equalTo($this->throttler)
+ )->willReturn(true);
+
+ $user = $this->createMock(IUser::class);
+ $user->method('getUID')->willReturn('username');
+
+ $userSession->expects($this->once())
+ ->method('getUser')
+ ->willReturn($user);
+
+ $this->assertTrue($userSession->tryBasicAuthLogin($request, $this->throttler));
+
+ $this->assertSame('username', $davAuthenticatedSet);
+ $this->assertSame(1000, $lastPasswordConfirmSet);
+ }
+
+ public function testTryBasicAuthLoginNoLogin() {
+ $request = $this->createMock(Request::class);
+ $request->method('__get')
+ ->willReturn([]);
+ $request->method('__isset')
+ ->with('server')
+ ->willReturn(true);
+
+ $this->session->expects($this->never())
+ ->method($this->anything());
+
+ $userSession = $this->getMockBuilder(Session::class)
+ ->setConstructorArgs([
+ $this->manager,
+ $this->session,
+ $this->timeFactory,
+ $this->tokenProvider,
+ $this->config,
+ $this->random,
+ ])
+ ->setMethods([
+ 'logClientIn',
+ ])
+ ->getMock();
+
+ /** @var Session|\PHPUnit_Framework_MockObject_MockObject */
+ $userSession->expects($this->never())
+ ->method('logClientIn');
+
+ $this->assertFalse($userSession->tryBasicAuthLogin($request, $this->throttler));
+ }
}
generated by cgit v1.2.3 (git 2.39.1) at 2024-12-30 19:11:13 +0000